Hi,
The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.
Will there be any impact if we change these user's shell to /bin/false?
Like processes get interrupted, files cannot be generated, etc.
Regards
Are there any processes with any of these owners?
ps -fu bin,adm,daemon,uucp,lp,hpdb
These are probably affected.
IMHO, if the login password is locked/invalid, there is not much gain in disabling the login shell.
I agree. Have a look at /etc/shadow or wherever the credentials files are held (somewhere down /tcb/auth/files ?) where there is a file for each user. If the password is *LK* or something else that is not a random 13 character string, then they can't be logged onto anyway. In theory someone with super-user privilege could su to them without needing a password, but then they would have all privileges already.
Robin
/etc/shadow does not exist by default on HPUX system.
It is an additional install, and it should be done to harden the security, if required.
Otherwise, any user on the system can copy the /etc/passwd file and brute force the hashes.
You do not want to change those system users shell or anything else.
This is not a security issue nor it should be considered one since those users do not have a password defined.
Hope that helps
Regards
Peasant.